The /proc File System And ProcMeter
The /proc file system is a part of Linux that most people have not investigated deeply—perhaps may have never heard of. Like the kernel itself, it is a vital part of a Linux system. Yet its contents and its function are a mystery to most users. If the kernel is the brain of the operating system then the /proc file system is its personal organizer.
In this article I will describe the /proc file system—what it is, and how it can be used. There is also a description of the program ProcMeter that uses the /proc file system to display useful information.
First of all, the /proc file system is not a real file system; it is a virtual file system without the physical presence that a disk or a tape has. The most common file system you use is the collection of files on the disk. The disk stores the data without regard to meaning, and the file system (e.g., the Linux ext2fs system) makes sense of the data. The file system organizes the data as directories and files for the user. Another common file system is the Network File System (NFS), which makes files on remote computers accessible.
All file systems are managed by the Linux kernel, which maps the data on the device into a usable form. The user-level programs that access the file system do not need to know how or where the data is actually stored. When a program reads from a file, the kernel manipulates the appropriate device to obtain the data. When a program accesses one of the /proc files there is no device; instead, the kernel supplies the information from its internal state. The files exist only while there is a program actually looking at them.
The /proc file system is a feature which Linux inherited from one of its Unix ancestors. There are two main dialects of Unix in popular usage: System V and BSD. The history of these two are not important here, except that System V contains a /proc and BSD does not.
Everything that is happening in Linux. Every single program that is running, the entire contents of memory, the internal workings of the kernel—all the processes currently running on the system are contained in the /proc file system. proc is an abbreviation for process.
The most interesting files in /proc are listed below. This list was compiled from kernel version 1.2.13; other versions will be different. This is not a complete list, but contains only those files whose contents are obvious to casual browsers. A full description of the files can be read in the Linux kernel source code—a task not for the faint-hearted.
The contents of /proc are completely dependent on the processor architecture. (For example, the file /proc/cpuinfo is available only for ix86 processors.) The different types of hardware with which the kernel must communicate can also add files (e.g., /proc/pci on PCI bus computers). There are also files that are present or not, depending on which kernel options are compiled. (My /proc/modules is empty, because I did not compile in modules support.)
cpuinfo contains the information established by the kernel about the processor at boot time, e.g., the type of processor, including variant and features.
kcore contains the entire RAM contents as seen by the kernel.
loadavg contains the system load averages for the last 1, 5 and 15 minutes, along with the number of processes currently running and the total number of processes.
meminfo contains information about the memory usage, how much of the available RAM and swap space are in use and how the kernel is using them.
stat contains system statistics, counts of the amount of usage the kernel has made of basic system resources.
uptime contains the amount of time in seconds that the system has been running, and the amount of that time that it has been idle.
version contains the kernel version information that lists the version number, when it was compiled and who compiled it.
net/ is a directory containing network information.
net/dev contains a list of the network devices that are compiled into the kernel. For each device there are statistics on the number of packets that have been transmitted and received.
net/route contains the routing table that is used for routing packets on the network.
net/snmp contains statistics on the higher levels of the network protocol.
self/ contains information about the current process. The contents are the same as those in the per-process information described below.
pid/ contains information about process number pid. The kernel maintains a directory containing process information for each process.
pid/cmdline contains the command that was used to start the process (using null characters to separate arguments).
pid/cwd contains a link to the current working directory of the process.
pid/environ contains a list of the environment variables that the process has available.
pid/exe contains a link to the program that is running in the process.
pid/fd/ is a directory containing a link to each of the files that the process has open.
pid/mem contains the memory contents of the process.
pid/stat contains process status information.
pid/statm contains process memory usage information.
You can look at the contents of these files yourself. Just type:
and you will see something like:
total: used: free: shared: buffers: Mem: 11423744 8753152 2670592 2670592 2764800 Swap: 25800704 5328896 20471808This table shows you how much memory you have, the amount you are using and how it is being used.
Most people are using /proc without realizing it. The programs top, ps, free and their friends all use /proc. The information that they provide is taken directly from /proc and formatted for display.
Compare the contents of the /proc/meminfo file (above) with the command free that gives output that looks like:
total used free shared buffers Mem: 11156 8680 2476 2724 2800 Swap: 25196 5204 19992
As you can see, this table is just a formatted version of the contents of /proc/meminfo.
The output of the ps program is all available in /proc; all of the information is stored in the per-process directories. Most of it just needs to be reasonably formatted for the user.
ProcMeter is a program that monitors the information stored in /proc. The information is displayed in a number of graphs. Each of these graphs shows one aspect of the system. The program runs under X Windows on Linux only.
Anybody who has used xload, xmeter or perfmeter will recognize this description. The difference is these programs use a system-independent method of obtaining data, whereas ProcMeter was designed for Linux from the start. When ProcMeter is using /proc, it is occupying minimal memory and taking negligible CPU time. Once /proc is used, other ideas for obtaining data spring to mind. Looking at the table of /proc above, we can see there is a lot of useful information available.
The statistics available in ProcMeter can be divided naturally into a number of classes.
Processes—Basic information about the system, how busy it is and how heavily loaded it is. The processing power of the CPU is spread between all of the running processes and the kernel, and is idle for the remaining time.
is the total percentage of the CPU being used.
is the percentage of the CPU used by user processes.
is the percentage of the CPU used by nice (low priority) processes.
is the percentage of the CPU used by the kernel.
is the percentage of the CPU unused (opposite of CPU).
is the system load, the number of running processes averaged over the previous minute.
is the number of processes present on the system.
is the number of context switches between processes per second.
Memory (Real and Virtual)--Memory is such a precious resource (especially on small PCs for the home user) that it is important to keep track of it. The beauty of the Unix system is that the use of virtual memory (swap space) is transparent. Transparent, that is, until your computer makes a noise like a coffee grinder, and programs start to crawl—this is a sure sign that you are out of real memory and living in the virtual stuff.
is the amount of free RAM.
is the amount of used RAM.
is the amount of RAM used for file buffers.
is the amount of RAM used as cache memory (kernel version 2.0).
is the amount of swap space on disk being used (the shortfall in RAM).
is the amount of swapping (the sum of swap-in and swap-out).
is the number of pages of memory swapped in from disk per second.
is the number of pages of memory swapped out to disk per second.
Hardware—The hardware the operating system runs on is often a bottleneck in performance. Every interrupt that is generated by hardware must be processed by the kernel. The disk drive, another slow device, must also be controlled.
is the amount of paging (the sum of page-in and page-out).
is the number of pages of memory read in from disk per second.
is the number of pages of memory written out to disk per second.
is the number of disk accesses per second.
is the number of interrupts (IRQs) per second.
Network—When running on a network, there can be a quite an impact on system performance due to handling the traffic. Each packet that arrives must be handled promptly, causing hardware interrupts and kernel CPU usage.
is the number of packets on local interfaces (same machine).
is the total number of packets on fast network devices.
is the number of received packets on fast network devices.
is the number of transmitted packets on fast network devices.
is the total number of packets on slow network devices.
is the number of received packets on slow network devices.
is the number of transmitted packets on slow network devices.
I have a ProcMeter window permanently open occupying the right-hand edge of the screen. Most of the time it is just taking up space, but there are times when it can be very useful.
When getting files via FTP from the Internet, the amount of packets sent and received can be monitored. When the packets stop coming, the transfer is finished or stuck. This is a good time to ping the FTP site to see if the route is still open.
Have you ever felt that the program you have just written is taking too long to run? This could be a symptom of running out of RAM and using swap space. Try looking at the mem-used, mem-free, mem-swap and swap graphs. A steeply rising graph will indicate a memory leak.
The latest version of ProcMeter is version 2.1, available as source code by FTP from sunsite.unc.edu. The file is called procmeter-2.1.tgz, and is in the directory /pub/Linux/X11/xutils/status. Alternatively, if you have WWW access, the latest information about ProcMeter is available on my home page at http://www.gedanken.demon.co.uk/, along with links to other sources for the program.
Andrew Bishop has been using Linux for 2 years. The original version of ProcMeter was the first program he wrote using Linux. He programs mainly in C, Perl and Emacs Lisp on Unix systems, often inventing his own version of the wheel as he goes. He can be reached by e-mail at email@example.com.